Security Awareness & Training Resource Center

Boost the effectiveness of your security awareness program or earn your next certification with free tools from our resource center. Check back frequently — new resources are added every week!

Featured content

Download — HRM (Forrester) Ebook, guide & report

Deconstructing Human-Element Breaches | Infosec HRM

Human risk management isn’t just rebranded SA&T — it’s a profound change of mindset, strategy, process and technology that approaches human-related breaches in a new way. 

Read More about Download — HRM (Forrester)

Our resources

Article

Gentoo Hardening Part 1: Introduction to Hardened Profile

Introduction In this tutorial, we'll talk about how to harden a Linux system to make it more secure. We'll specifically use Gentoo Linux, but the concepts sh
Read More
Article

What We Learned from APTs in the Current Year

Early this year we witnessed major IT firms suffering from data breaches of one kind or another, and they have come out in the open about the breaches, as we
Read More
Article

Optimizing Managed Code Execution

Abstract As an application grows ever more complex, it is necessary to build a more efficient and faster .NET application that requires a special treatment
Read More
Article

Photo forensics: Detect photoshop manipulation with error level analysis

Error Level Analysis is a forensic method to identify portions of an image with a different level of compression. The technique could be used to determine if
Read More
Article

Symmetric and asymmetric encryption

This article explains how symmetric and asymmetric encryption work. It also describes how to build a secure mail system using these two types of encryption.
Read More
Article

Demystifying Java Internals (An introduction)

Volume 1 Java is a technology that makes it easy to develop distributed applications, which are programs that can be executed by multiple computers across a
Read More
Article

Phishing Counter-Measures Unleashed

In this article, I have done my best to gather and explain all the possible ways by which phishing can be avoided. Here I am going to explain phishing counte
Read More
Article

Brainpan

Brainpan is a vulnerable virtual machine created by superkojiman. It's a vulnerable virtual machine with vulnerable services and it's not intended for produc
Read More
Article

IOS Application Security Part 20 - Local Data Storage (NSUserDefaults, CoreData, Sqlite, Plist files)

In this article, we will look at the different ways in which applicatons can store data locally on the device and look at how secure these methods are. We w
Read More
Article

Will the iPhone 5S Be The Catalyst to Fingerprint Scanners on All Our Devices?

A phone used to be a simple device you would make phone calls with. It could have your contact list, or even a log of recent contacts, but that was about it.
Read More
Article

Port scanning using Scapy

TCP connect scan TCP connect is a three-way handshake between the client and the server. If the three-way handshake takes place, then communication has be
Read More
Article

Unsafe Programming

Abstract In .NET, unsafe code really means potentially unsafe code, which is code or memory that exists outside the normal boundary. This article digs into t
Read More
Article

CSRF proof of concept with OWASP ZAP

This article introduces CSRF (cross-site request forgery) vulnerability and demonstrates how to prepare a CSRF proof of concept with OWASP ZAP. [pkadzone
Read More
Article

BEAST vs. CRIME attack

Some months ago there was a top story popping up in almost all the security news feeds about CRIME attacks being able to break SSL. In this article, I would
Read More
Article

Hardware attacks, backdoors and electronic component qualification

The capillary diffusion of technology in our society has an important consequence. Hardware has to be properly analyzed during acquisition and qualification
Read More
Article

Identity Management and Access Control in a Single Sign-on Environment

In this article you will learn the following information: How businesses manage electronic identities and provide access control to their employees, custome
Read More
Article

File system manipulation

This article shows how to perform tasks involving reading and writing files from various partitions by using the C#.net programming API. In particular, it co
Read More
Article

Portable Malware Lab for Beginners – Part 2

In the previous article, "Portable Malware Lab for Beginners," I spoke about nested virtual machines, i.e., deploying a virtual machine with QEMU and Cuckoo.
Read More
Article

Managed C++/CLI Programming: Part 2

Abstract This outlines the rest of the C++/CLI object oriented programming implementations such as inheritance, interface and polymorphism. We'll understand
Read More
Article

Estonia: To Blackout an Entire Country – Part 2

IV. Attack Targets & Impact The main targets appear to be information distribution channels owned either by the Estonian government, or the private and b
Read More
Article

The BodgeIt store part two

Before we go any further, I would like to focus on how a developer thinks and likes to manage a web application development process. During the developmen
Read More
Article

The breach attack

Back in 2012, when Juliano Rizzo and Thai Duong announced the CRIME attack, a TLS / SSL Compression attack against HTTPS, the ability to recover selected par
Read More
Article

Windows Phone Digital Forensics II

Abstract Abbreviated as WP, Windows Phone is a new Smartphone operating system developed by Microsoft in order to succeed the old Windows Mobile. This "new"
Read More
Article

The BodgeIt store part one

The Bodgelt store The BodgeIt Store created by Psiinon is a vulnerable web application. It consists of a wide variety of vulnerabilities and is NOT intend
Read More